The threat arrives as an e-mail which looks like it came from Trend Micro and the malware comes as an attachment to it. The use of an attachment is by itself unusual, as malware distribution has largely moved to using links to hijacked web sites where the malware is hosted. The Trend blog says the attachment is named iClean20.EXE, but the screen shot of the e-mail shows it as a .RAR file which probably itself contains iClean20.EXE.

iClean20.EXE uses a clever trick: It drops 2 files, one of which is the genuine Trend Virus Clean Tool, and the other the malware, detected by Trend as BKDR_POISON.GO. By pointing the user to the actually cleaning tool they may distract them from the malware. BKDR_POISON.GO opens a random port and allows a remote user to execute commands on the affected system.

No reputable company sends out updates through e-mail like this. Never execute a program you receive this way.